github.com/cloudflare/circl@v1.5.0/dh/sidh/doc.go

// Package sidh is deprecated. It provides SIDH and SIKE key encapsulation
// mechanisms.
//
// # DEPRECATION NOTICE
//
// SIDH and SIKE are deprecated because they were shown to be vulnerable to a
// key recovery attack in Castryck and Decru's paper
// (https://eprint.iacr.org/2022/975). New systems should not rely on this
// package. This package is frozen.
//
// # SIDH and SIKE
//
// This package provides an implementation of the experimental post-quantum
// Supersingular Isogeny Diffie-Hellman (SIDH) as well as Supersingular
// Isogeny Key Encapsulation (SIKE).
//
// It comes with three different field arithmetic implementations:
// sidh.Fp434, sidh.Fp503, and sidh.Fp751.
//
// Sizes are in bytes:
//
//	| Algorithm | Public Key Size | Shared Secret Size | Ciphertext Size |
//	|-----------|-----------------|--------------------|-----------------|
//	| SIDH/p434 | 330             | 110                | N/A             |
//	| SIDH/p503 | 378             | 126                | N/A             |
//	| SIDH/p751 | 564             | 188                | N/A             |
//	| SIKE/p434 | 330             | 16                 | 346             |
//	| SIKE/p503 | 378             | 24                 | 402             |
//	| SIKE/p751 | 564             | 32                 | 596             |
//
// To instantiate the SIKE/p751 KEM, create a KEM object and allocate its
// internal structures. This can be done with the NewSike751 helper.
// After that, the kem variable can be used multiple times.
//
//	var kem = sidh.NewSike751(rand.Reader)
//	kem.Encapsulate(ciphertext, sharedSecret, publicBob)
//	kem.Decapsulate(sharedSecret, privateBob, publicBob, ciphertext)
//
// Code is optimized for AMD64 and aarch64. A generic implementation
// is provided for other architectures.
//
// References:
//
//   - [SIDH] https://eprint.iacr.org/2011/506
//   - [SIKE] http://www.sike.org/files/SIDH-spec.pdf
package sidh
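
Because the deprecation notice says new systems should not rely on this package, one way to audit a code base for remaining uses is to parse import declarations rather than search for the text `sidh.`, which misses renamed imports. This is an added example, not code from circl; `Finding`, `FindSIDHImports` and the two sample sources are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
)

// deprecatedPkg is the import path of the frozen package documented above.
const deprecatedPkg = "github.com/cloudflare/circl/dh/sidh"

// Constructed sample sources, not taken from any real project.
const (
	aliased = "package a\n\nimport (\n\t\"crypto/rand\"\n\tsike \"github.com/cloudflare/circl/dh/sidh\"\n)\n\nvar k = sike.NewSike751(rand.Reader)\n"
	mention = "package b\n\n// Migrated away from github.com/cloudflare/circl/dh/sidh.\nconst old = \"github.com/cloudflare/circl/dh/sidh\"\n"
)

// Finding is one import of the deprecated package.
type Finding struct {
	File  string
	Line  int
	Alias string // local name when the import is renamed, else ""
}

// FindSIDHImports reports imports of deprecatedPkg; comments and strings never match.
func FindSIDHImports(name, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, name, src, parser.ImportsOnly)
	if err != nil {
		return nil, fmt.Errorf("%s: %w", name, err)
	}
	var out []Finding
	for _, imp := range f.Imports {
		if path, _ := strconv.Unquote(imp.Path.Value); path != deprecatedPkg {
			continue
		}
		alias := ""
		if imp.Name != nil {
			alias = imp.Name.Name
		}
		out = append(out, Finding{name, fset.Position(imp.Pos()).Line, alias})
	}
	return out, nil
}

func main() {
	fmt.Println(FindSIDHImports("a.go", aliased))
	fmt.Println(FindSIDHImports("b.go", mention))
}
```

The first sample is flagged at its import line with the alias `sike`; the second, which only mentions the path in a comment and a string constant, produces no finding.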